Hostile Networks : how-to-not-log?

Firewall options for RED interface
Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.)

@pmueller: Thanks a lot!
How do I stop / disable having these logged?

Thanks in advance!
Kind regards

The only way I know of is to disable the Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.).

Jon, I love your skill of being funny in a very dry fashion … :wink:
Peter’s approach is really valuable -
but the immense amount of flooding is hiding important log entries into being overlooked.
Perhaps one more tick box in the “Log …” section above will be needed?
Kind regards
Yours sincerely

What is Peter’s approach? I missed that one.

I am seeing ~11,000 DROP_HOSTILE items per week. All of them in red0 and none in green0 or blue0 or orange0.

So like you…

… I would guess someone smart will create a filter in the Firewall logging section to Log dropped packets from hostile networks (i.e., from red0)

Maybe that is what Peter is working on?

Introducing elementary network protection: Dropping all traffic from and to hostile networks by default

by Peter Müller, February 23

After activating, the flood started …

Ahh! Got it!

Hopefully it will be updated in a future Core Update!

Good day all.

If I might suggest reading some of this thread Location Block vs. Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.) where there is discussion similar to this. What I have done, to reduce the length of the FW logs, is disable the “Drop packets from and to hostile networks…” and let the location block rule set drop the incoming traffic. I then set up a outgoing firewall rule to drop and log any outgoing traffic to a destination XD, that is the hostile networks. This should reduce your log burden and block the bad traffic.
Hope this helps.

1 Like

Thanks for your hint - and for your proposal as well!
Kind regards

Can you post a screen shot of your rule?

→ IN:
Enabled Location based blocking:
. . . A1 Anonymous Proxy
. . . A2 Satellite Provider
. . . A3 Worldwide Anycast Instance
. . . XD Hostile networks safe to drop

→ OUT:
Correspondingly created four rules @ positions { #1#4 ] :

. . . Source: Standard Networks: “Any”
. . . Destination: Location: { “A1” | “A2” | “A3” | “XD” }
. . . Protocol: “All”
. . . . . . . . . . . . . . . . . . . . . “DROP”
. . . [+] Activate rule
. . . [-] Log rule

Unfortunately, e.g. well-respected and renowned “” did not load any more.
De-activating #3: == "Location: A3 Worldwide Anycast Instance " allowed it to work again.
Where to place corresponding exceptions has to be investigated …

Jon, Sorry for the delay, Spring has sprung and the fields need to be tilled. Here is a snapshot, it is not much different than Manfred Posted, but I am just blocking everything heading to the Hostile Networks, aka XD. Location blocking XD is also enabled in Location Block.

1 Like